CVE-2024-1062

Name: CVE-2024-1062
Creator: NVD / NIST
Published: 2024-02-12T13:15:09.21+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 5.5/10EPSS 0.30%

Last modified Jun 17, 2026

CVE-2024-1062 is a medium-severity vulnerability rated 5.5/10 on the CVSS scale. A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr.. EPSS estimates a 0.30% chance of exploitation in the next 30 days.

Description

A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr.

Metrics

CVSS 3.1

5.5/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Probability

0.30%

22.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-122

Affected Software

Vendor	Product	Versions
Redhat	389 Directory Server	< 2.2.0
Redhat	Directory Server	All versions
Redhat	Directory Server	11.7
Redhat	Directory Server	11.8
Fedoraproject	Fedora	39
Fedoraproject	Fedora	40
Fedoraproject	Fedora	41
Redhat	Directory Server	12.0
Redhat	Enterprise Linux	8.0
Redhat	Enterprise Linux Eus	8.6
Redhat	Enterprise Linux Eus	8.8
Redhat	Enterprise Linux Eus	9.2
Redhat	Enterprise Linux For Arm 64 Eus	8.6
Redhat	Enterprise Linux For Arm 64 Eus	8.8
Redhat	Enterprise Linux For Arm 64 Eus	9.2
Redhat	Enterprise Linux For Ibm Z Systems	9.2
Redhat	Enterprise Linux For Ibm Z Systems Eus	8.8
Redhat	Enterprise Linux For Power Little Endian Eus	8.8
Redhat	Enterprise Linux For Power Little Endian Eus	9.2
Redhat	Enterprise Linux Server Aus	8.6
Redhat	Enterprise Linux Server Aus	9.2
Redhat	Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions	8.6
Redhat	Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions	8.8
Redhat	Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions	9.2
Redhat	Enterprise Linux Server Tus	8.6
Redhat	Enterprise Linux Server Tus	8.8
Redhat	Enterprise Linux Update Services For Sap Solutions	8.6
Redhat	Enterprise Linux Update Services For Sap Solutions	8.8

References

https://access.redhat.com/errata/RHSA-2024:1074Vendor Advisory
https://access.redhat.com/errata/RHSA-2024:1372Vendor Advisory
https://access.redhat.com/errata/RHSA-2024:3047Vendor Advisory
https://access.redhat.com/errata/RHSA-2024:4209Vendor Advisory
https://access.redhat.com/errata/RHSA-2024:4633Vendor Advisory
https://access.redhat.com/errata/RHSA-2024:5690Vendor Advisory
https://access.redhat.com/errata/RHSA-2024:7458Vendor Advisory
https://access.redhat.com/errata/RHSA-2025:1632
https://access.redhat.com/security/cve/CVE-2024-1062Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2256711Issue Tracking, Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2261879Issue Tracking, Vendor Advisory
https://access.redhat.com/errata/RHSA-2024:1074Vendor Advisory
https://access.redhat.com/errata/RHSA-2024:1372Vendor Advisory
https://access.redhat.com/errata/RHSA-2024:3047Vendor Advisory
https://access.redhat.com/errata/RHSA-2024:4209Vendor Advisory
https://access.redhat.com/errata/RHSA-2024:4633Vendor Advisory
https://access.redhat.com/security/cve/CVE-2024-1062Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2256711Issue Tracking, Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2261879Issue Tracking, Vendor Advisory

Timeline

Published: Feb 12, 2024
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2024-1062?

A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr.

How severe is CVE-2024-1062?

CVE-2024-1062 has a CVSS score of 5.5/10 (MEDIUM severity). The EPSS model estimates a 0.30% probability of exploitation in the next 30 days.

How do I fix CVE-2024-1062?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2024-1062?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST